Network Defense Analyst
The CERT Situational Awareness group researches and develops cutting-edge network security analysis techniques for operational use in high-impact environments. The CERT Situational Awareness Network Defense Analyst will:
- Participate in and lead technical efforts, including development and prototyping of new analysis techniques, tools, and platforms, preparation of analytic reports, and contributions to research publications.
- Be respected as a subject matter expert by customers, commercial vendors, and the Internet community as a whole.
- Be expected to appreciably advance the state of the art of cybersecurity analytics.
Minimum Qualifications and Requirements:
Education/Training/Professional Experience: Bachelor’s Degree in Computer Science or related scientific/technical field with eight (8) years experience in network operations, security operations, or network security research; Master’s Degree in Computer Science or related scientific/technical field with five (5) years experience in network operations, security operations, or network security research; PhD in Computer Science or related discipline with two (2) years experience in network operations, security operations, or network security research; or equivalent combination of training and experience.
- Capable of conducting and supporting analytical studies and investigations of network security data.
- Significant understanding of and practical experience with various Internet protocols (e.g., TCP/IP, HTTP, DNS, SMTP, BGP).
- Significant knowledge of at least one modern operating system (e.g., Linux, BSD, Solaris, Windows).
- Understanding of network security issues at all protocol layers.
- Understanding of host/operating system security issues.
- Operational knowledge and significant understanding of network security devices such as Intrusion Detection Systems, Firewalls, Security Information Managers, Network Vulnerability Scanners.
- Operational knowledge and understanding of routing and switching protocols, including Internet routing.
- Ability to function in the role of a consultant with some guidance from senior staff members.
- Excellent planning and organizational skills.
- Strong problem-solving skills.
- Excellent oral and written communication skills.
- Ability to work well with minimal direction and with teams.
- Ability to think abstractly
- Ability to explain technical terms in business language/solutions
- Ability to translate business requirements into technical requirements
- Strong system-level thinking
- Understanding of levels of architecture (e.g. solution, systems, enterprise)
- Understanding of business process, business transactions, applications, services as they relate to network and security technology
- Ability to work effectively with customers (internal and external), business analysts, developers and system integrators
- Demonstrated ability to communicate and work with senior leaders
Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexibility to travel to various locations within the SEI and CMU community, including sponsor sites, conferences, and meetings.
Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time.
Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to participate in conversations collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to develop and communicate innovative ideas; ability to take leadership role in technical projects; ability to quickly learn new procedures, techniques, approaches, etc.
Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Preferred Qualifications and Requirements:
Experience. Stronger candidates will be able to demonstrate past experience working:
- In collaborative environments with team members who have diverse skills and roles
- In the public forum of the broader information security community
- Directly with customers from government and/or industry (multiple critical infrastructure)
- In data visualization
- With specialized technologies such as data mining, clustering, machine learning, neural networks, distributed computing and/or big data platforms
- In scripting and/or programming in a high-level language, including participation in sound software engineering (e.g. version control, documentation).
Accountability: The individual is accountable for: Active participation in the overall Situational Awareness R&D effort; Participating in the production of original publications in network security analysis; Participating in public speaking engagements, including at remote locations.
Direction: The individual is expected to act with minimal direction using CMU, SEI, CERT and Monitoring and Response defined policies, practices, and procedures – within the scope of assigned work.
Decisions: The individual is expected to participate in the decision-making and problem-solving processes of basic requirements elicitation and validation, and to participate in fundamental research in network security.
Supervisory Responsibilities: This position does not formally supervise others.
Job Functions and Responsibilities:
60% Participate in studies of data from operational networks, and advise network operators in written reports and presentations on security posture improvements based on those studies.
35% Participate in the development of novel approaches to network security analysis, and create prototype tool implementations.
5% Speak publicly and to customers on work performed.
100% TOTAL EFFORT
Organizational Chart: Monitoring and Response Technical Director < Situational Awareness Technical Manager < Analysis Team Lead < Network Security Analyst
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran
Software Engineering Institute
The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve their software engineering capabilities and to develop or acquire the right software, defect free, within budget and on time, every time. To accomplish this, the SEI
- performs research to explore promising solutions to software engineering problems
- identifies and codifies technological and methodological solutions
- tests and refines the solutions through pilot programs that help industry and government solve their problems
- widely disseminates proven solutions through training, licensing, and publication of best practices
Pervasive Mobile Computing, Security & Survivability, Measurement & Analysis, Cyber-Physical Systems, Digital Intelligence & Forensics, Acquisition Support, Software Architecture, Ultra-Large-Scale Systems, Risk Management, Process & Performance Improvement
Company Type: Non Profit
Company Size: 501-1000